Better data, training and hiring processes key to cyber workforce strategy, groups say

There are plenty of ideas about how the upcoming White House National Cybersecurity Director workforce strategy could help address a nationwide cyber talent shortage.

The bureau issued a request for labor, training and education information online last month. The window for submitting a response closed on November 3.

For federal agencies, the challenge is particularly acute as they struggle to compete with private sector wages and job flexibilities.

Agencies have hired more than 42,000 cybersecurity…

READ MORE

There are plenty of ideas about how the upcoming White House National Cybersecurity Director workforce strategy could help address a nationwide cyber talent shortage.

The bureau issued a request for labor, training and education information online last month. The window for submitting a response closed on November 3.

For federal agencies, the challenge is particularly acute as they struggle to compete with private sector wages and job flexibilities.

The agencies hired more than 42,000 cybersecurity and IT professionals between 2015 and 2020. They now represent 7% of the federal workforce. But cybersecurity remains a high-risk functional area in the eyes of the Office of Personnel Management.

The strategy ahead could begin to push agencies to use a range of existing flexibilities to recruit, hire and retain cyber talent. This is one of many recommendations from the MITER Corporation. It highlights e-pay flexibilities, programs such as Scholarship-for-Service and the Department of Labor’s e-learning program.

White House leaders have sought to expand special salaries and other flexibilities so agencies don’t compete for cyber talent.

But beyond these hiring and training tools, Dave Powner of MITER said agencies need to do a better job of marketing to cyber and IT professionals. He referenced potential cybersecurity positions at agencies including the Department of Homeland Security, Department of Defense, National Security Agency and other intelligence agencies.

“The government needs to sell the mission better,” Powner said in an interview. “And when you look at some of these organizations and the missions that we operate in, that’s very appealing to many, many of those in the workforce, including the younger workforce. “

The Foundation for Defense of Democracies recommends that the office of the national director of cybersecurity consider establishing a federal cyber workforce development institute to help train early-career professionals.

Mark Montgomery, senior director of FDD’s Center for Cyber ​​and Technology Innovation, said the institute would allow human capital managers across agencies to tap into shared resources for employee training and professional development. And it would show individuals that the government has a stake in their career progression.

“In other words, get me to that point where I gain experience more quickly in leadership roles or broader responsibilities,” Montgomery said. “And the way you do that properly develops people. If we have that intrinsic value of government service, if we have appropriate pay scales, and if we have a good system for developing people as they go through it, we will have exceptional retention.

The theoretical institute could also solve another problem: a lack of familiarity with cybersecurity skills among federal hiring managers. Montgomery said the institute could train human resources specialists who would lead cyber talent management and recruitment initiatives across agencies.

“The Department of Agriculture’s human resources team is probably world class when it comes to hiring food inspectors,” Montgomery said. “It’s hard for them to also be world-class in cyber. And as we get to smaller and smaller federal agencies, it gets harder and harder. . . For many of these federal agencies, cyber is not a primary mission. It’s a core vulnerability, but not a core mission.

Along the same lines, the Information Technology Industry Council recommends that the workforce strategy direct agencies to prioritize skills-based hiring, as opposed to which he calls “overly rigid education and experience requirements” used in the traditional federal hiring experience.

Data related to DEIA, neurodiversity

The lack of good data on the cyber workforce is another key issue that the Office of the National Director of Cyber ​​Security could address in its next strategy. The lack of data on the federal cyber workforce has been highlighted by numerous studies.

According to Irv Lachow, chief engineer of MITER’s Homeland Security Enterprise division, the issue is particularly important for attracting and developing a diverse pool of cyber talent. MITER recommends that the cyber workforce strategy be linked to the Biden administration’s broader initiatives on diversity, equity, inclusion and accessibility.

“In order to understand how well we as a nation are doing on this cyber workforce issue, we need to understand the demographics of that workforce,” Lachow said. “And we don’t really have a good overview of that at the national level. And so we have no basis. And so, if you don’t have a baseline, you can’t track the effectiveness of different policies or initiatives. Because you don’t have consistent data.

The National Science Foundation produced a report on women, minorities, and people with disabilities in science and engineering. Lachow said a similar report on cyber workforce participation could help address the DEI&A challenges highlighted by the National Cybersecurity Director’s RFI.

“I think the government has an opportunity to take what the NSF has done and apply it to the cyber workforce and go into even more detail,” Lachow said. “How many people are cyber analysts, how many people are threat analysts, how many people work in the help desk.”

MITER also recommends that the cyber workforce strategy include a way to leverage neurodiverse individuals, including people with autism. According to MITER, neurodiverse people are often better at hacking and systemizing skills, valuable traits in the world of cybersecurity.

But autistic candidates are also less likely to be hired, MITER said, because interviewers often lack knowledge about autistic traits such as sensory sensitivities, as well as reduced facial expressions and the reciprocity of smiles and handshakes. hand.

There’s also a lack of data on neurodiversity in the workforce, according to Teresa Thomas, neurodiverse talent activation program manager at MITRE.

“There’s not a lot of data on how many people already in the federal workforce are on the autism spectrum and especially not in cyber roles,” she said. “The data that could prove how well they could do or how well they could close the gaps is lacking.”

The National Geospatial Intelligence Agency in 2020 became the first federal agency to participate in a federal neurodiverse workforce pilot program.

NGA’s experience could help inform other agencies as they seek to hire and retain neurodiverse people for cybersecurity roles, Thomas said, as well as force agencies to improve their overall recruitment processes. hiring and retention.

“It’s a big population, and it’s definitely worth tapping into,” she said. “If we can get them and keep them, that won’t solve all of our cyber-hiring problems, but it’s definitely a step in the right direction. And all these other things that we learn along the way make everything we do better. If your managers give clear guidelines now, if you treat each person as an individual, if you make your application process more clear and understandable, it improves the system for everyone trying to get in.

The public comment period on the National Cybersecurity Director’s Workforce Information Request ended on November 3. Officials plan to invite some respondents to virtual conversations. The workforce strategy is expected to be released sometime next year.


Source link

Comments are closed.